How to Set Up OpenVPN on Ubuntu Linux: A Step-by-Step Guide

Prerequisites

Before you begin, make sure you have:

• A machine running Ubuntu 20.04 or later (the steps also apply to Debian-based distros)
• A terminal with sudo access
• An .ovpn configuration file from your VPN provider

Step 1: Update Your Package Index

Always start with a fresh package index to ensure you're installing the latest available version of OpenVPN.

sudo apt update && sudo apt upgrade -y

Step 2: Install OpenVPN

Install OpenVPN and the optional network-manager-openvpn plugin if you want GUI support through GNOME Network Manager:

sudo apt install openvpn -y
# Optional: for GUI integration
sudo apt install network-manager-openvpn network-manager-openvpn-gnome -y

Step 3: Import Your .ovpn Configuration File

Copy your .ovpn file to the OpenVPN configuration directory:

sudo cp ~/Downloads/your-vpn-config.ovpn /etc/openvpn/client/myvpn.conf

Make sure the file is readable only by root to protect any embedded credentials:

sudo chmod 600 /etc/openvpn/client/myvpn.conf

Step 4: Connect to the VPN

You can connect directly using the OpenVPN command:

sudo openvpn --config /etc/openvpn/client/myvpn.conf

If your provider requires a username and password, OpenVPN will prompt you in the terminal. To avoid entering credentials each time, create an auth.txt file:

sudo nano /etc/openvpn/client/auth.txt

Add your username on the first line and password on the second line, then save. Update your .conf file to reference it:

auth-user-pass /etc/openvpn/client/auth.txt

Secure the credentials file:

sudo chmod 600 /etc/openvpn/client/auth.txt

Step 5: Run OpenVPN as a System Service

To have OpenVPN start automatically at boot, enable it as a systemd service:

sudo systemctl enable openvpn-client@myvpn
sudo systemctl start openvpn-client@myvpn

Check the connection status:

sudo systemctl status openvpn-client@myvpn

You should see Active: active (running) if the connection was successful.

Step 6: Verify Your VPN Connection

Confirm that your traffic is routing through the VPN by checking your public IP address:

curl ifconfig.me

The IP address returned should match your VPN server's IP, not your real ISP-assigned address.

Step 7: Check for DNS Leaks

A VPN tunnel that leaks DNS queries still exposes your browsing activity. Visit a DNS leak test site and run an extended test. If you see your ISP's DNS servers in the results, add the following lines to your .conf file to force DNS through the VPN:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Then install the resolvconf package if it isn't already present:

sudo apt install resolvconf -y

Troubleshooting Tips

• Connection timeout: Try switching from UDP to TCP in your .ovpn file (proto tcp).
• TLS handshake error: Ensure your system clock is accurate — TLS is time-sensitive.
• Permission denied errors: Double-check file ownership and permissions with ls -la /etc/openvpn/client/.

Once connected and verified, you'll have a fully functional OpenVPN setup on Ubuntu that encrypts all outgoing traffic automatically.